hi anybody would like to have a take on this pcom?
DESCRIPTION
Pcom is a PHP-driven webtelnet, that is a web interface to execute shell commands/external programs on a server. Obviously there are limitations, derived mainly by security limitations on the webserver (ie safe_mode in php). There is also a limitation on the program function itself, because you can only use non-interactive commands: you can launch a command or a program that doesn't need user interaction, but you cannot use something like lynx or irc (you can onlylaunch an interactive application in background, driving it automatically by arguments and/or scripts -where possible-). Remember that you can only launch a command, you don't drive a real shell. So, if you launch a ping it will go forever because you cannot take back the control on the stdin, while launching a traceroute you should get back control and output of the command because it terminates itself without user interaction.
basically even though u have phpsuexec and this option below check, u still can run stuff~ even though limited. it will run an ircbot.php seemlessly, eventhough u have psybnc or eggdrop in your background process killing. so~ anybody can work around this?
Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively
DESCRIPTION
Pcom is a PHP-driven webtelnet, that is a web interface to execute shell commands/external programs on a server. Obviously there are limitations, derived mainly by security limitations on the webserver (ie safe_mode in php). There is also a limitation on the program function itself, because you can only use non-interactive commands: you can launch a command or a program that doesn't need user interaction, but you cannot use something like lynx or irc (you can onlylaunch an interactive application in background, driving it automatically by arguments and/or scripts -where possible-). Remember that you can only launch a command, you don't drive a real shell. So, if you launch a ping it will go forever because you cannot take back the control on the stdin, while launching a traceroute you should get back control and output of the command because it terminates itself without user interaction.
basically even though u have phpsuexec and this option below check, u still can run stuff~ even though limited. it will run an ircbot.php seemlessly, eventhough u have psybnc or eggdrop in your background process killing. so~ anybody can work around this?
Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively